“Poodle” – security hole in SSLv3: Retarus customers are on the safe side

Security experts have published last night a paper about “Poodle”, a new security hole discovered in the outdated SSLv3 protocol. Retarus responded immediately, disabling the protocol which had still been used as a fallback protocol on their servers.
Poodle shows how attackers can force the use of SSLv3, by interfering with the SSL / TLS connection. Once the server and client have agreed on a SSLv3 connection, the encryption is being attacked and important connection data is being read. Attackers can steal the session cookie thus being able to hijack the account of the user.
Companies are secure against such attacks when accessing the Retarus Enterprise Administration Portal (EAS) or Retarus’ content delivery platform WebExpress (http://www.retarus.com/en/products/webexpress.php), as SSLv3 is no longer used to access these portals.